FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes the change in name of the Tab 'Firewall Policy' when set to 'Policy-based' mode.
Scope For version 6.2.3.
Solution When the FortiGate is set in 'Policy-based mode', the feature 'Firewall policy' includes the below configurable options:
# config firewall consolidated policy edit 1 set status enable set name "test" set uuid eeb8f3b8-5f7e-51ea-f029-b8ffe96c2d75 set srcintf "port1" set dstintf "port2" set srcaddr4 "10.47.2.74_remote_subnet_1" set dstaddr4 "FABRIC_DEVICE" set srcaddr-negate disable set dstaddr-negate disable set service-negate disable set internet-service disable set internet-service-src disable set service "ALL_TCP" set ssl-ssh-profile "no-inspection" set diffserv-forward disable set diffserv-reverse disable set tcp-mss-sender 0 set tcp-mss-receiver 0 set session-ttl 0 set comments '' next end
After upgrading the FortiGate to OS 6.2.3, the tab is now renamed as 'SSL Inspection and Authentication'. The basic feature and functionality remains completely same except that there is one additional feature for asic offloading.
- set auto-asic-offload enable.
as shown below:
edit 1 set status enable set name "Default" set uuid ec72e402-5f7d-51ea-5a20-b68b02512e11 set srcintf "any" set dstintf "any" set srcaddr4 "all" set dstaddr4 "all" set srcaddr6 "all" set dstaddr6 "all" set srcaddr-negate disable set dstaddr-negate disable set service-negate disable set internet-service disable set internet-service-src disable set service "ALL" set ssl-ssh-profile "certificate-inspection" set auto-asic-offload enable set diffserv-forward disable set diffserv-reverse disable set tcp-mss-sender 0 set tcp-mss-receiver 0 set session-ttl 0 --More-- set comments '' --More-- next --More-- end
